Cisco 642-504
642-504 Securing Networks with Cisco Routers and Switches
Practice Test
Version 2.5
http://certkill.com
QUESTION NO: 1
Which two technologies can secure the control plane of the Cisco router? (Choose two.)
A. BPDU protection
B. role-based access control
C. routing protocol authentication
D. CPPr
Answer: C,D
QUESTION NO: 2
Cisco Secure Access Control Server (ACS) is a highly scalable, high-performance access control
server that provides a comprehensive identity networking solution. Which of these statements is
correct regarding user setup on ACS 4.0?
A. Users are assigned to the default group.
B. A user can belong to more than one group.
C. The username can contain characters such as "#" and "?".
D. The settings at the group level override the settings configured at the user level.
Answer: A
QUESTION NO: 3
Please study the exhibit carefully, and then answer the following question:
Refer to the appropriate SDM screen(s). Which two statements correctly describe the Cisco IOS
Zone-Based Firewall configuration? (Choose two.)
A. The "reset" action is applied to any HTTP request sourced from the "in" zone and destined to
the "out" zone, which also has a request Uniform Resource Identifier (URI) that is greater than 500
bytes in length.
B. The "inspect" action is applied to Internet Control Message Protocol (ICMP) traffic sourced from
the "in" zone and destined to the "out" zone.
C. The "http-policy" inspection policy map is applied to all HTTP and HTTPS traffic sourced from
the "in" zone and destined to the "out" zone.
D. The "testpm" inspection policy map is applied to the "inout" zone-pair.
Answer: A,D
QUESTION NO: 4
Refer to the appropriate SDM screen(s). What is the User Datagram Protocol (UDP) idle time set
for any HTTP traffic that is sourced from the "in" zone and destined to the "out" zone?
A. 10 seconds
B. 15 seconds
C. 30 seconds
D. 35 seconds
Answer: D
QUESTION NO: 5
Refer to the appropriate SDM screen(s). What is the reason that outside hosts can't initiate Telnet
(port 23) traffic to the 172.16.1.10 inside host?